Proofpoint reports data breach caused by the Salesloft Drift supply chain attack

The cybersecurity company Proofpoint confirmed that their Salesforce environment was breached as part of a widespread supply chain attack targeting the Salesloft Drift application. 

Between August 8 and August 18, 2025, the attackers systematically exploited compromised OAuth and refresh tokens associated with Salesloft's Drift AI-powered chatbot application to gain unauthorized access to customer Salesforce environments. The breach affected organizations by abusing the trusted integration between Drift and Salesforce, allowing attackers to bypass traditional security defenses and directly query Salesforce data objects.

The company claims that there is no evidence the supply chain incident affected its software, services, security products, customer-protected data, or internal corporate network. As a precautionary measure, Proofpoint deactivated the Drift application and disconnected it from their Salesforce environment. Salesforce also disabled all Drift application instances across its platform and removing the application from the Salesforce AppExchange marketplace.

The exposed data and number of affected individuals is not disclosed.

Proofpoint has committed to notifying affected individuals or organizations if further analysis determines that sensitive data was accessed or misused.